• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号
登陆 注册
OStack程序员社区-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2022-23594
    CVE漏洞
    CVE-2022-23594
    Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:244 | 回复:0
  • CVE-2022-23593
    CVE漏洞
    CVE-2022-23593
    Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if calle ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:245 | 回复:0
  • CVE-2022-23592
    CVE漏洞
    CVE-2022-23592
    Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during produ ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:236 | 回复:0
  • CVE-2022-23591
    CVE漏洞
    CVE-2022-23591
    Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a ` ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:247 | 回复:0
  • CVE-2022-23590
    CVE漏洞
    CVE-2022-23590
    Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:231 | 回复:0
  • CVE-2022-23589
    CVE漏洞
    CVE-2022-23589
    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:245 | 回复:0
  • CVE-2022-23588
    CVE漏洞
    CVE-2022-23588
    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:245 | 回复:0
  • CVE-2022-23587
    CVE漏洞
    CVE-2022-23587
    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Sinc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:250 | 回复:0
  • CVE-2022-23586
    CVE漏洞
    CVE-2022-23586
    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:277 | 回复:0
  • CVE-2022-23585
    CVE漏洞
    CVE-2022-23585
    Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., decode)`, the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:231 | 回复:0
  • CVE-2022-23584
    CVE漏洞
    CVE-2022-23584
    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(decode)` gets called, the values of ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:253 | 回复:0
  • CVE-2022-23583
    CVE漏洞
    CVE-2022-23583
    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs w ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:236 | 回复:0
  • CVE-2022-23582
    CVE漏洞
    CVE-2022-23582
    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorSha ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:235 | 回复:0
  • CVE-2022-23581
    CVE漏洞
    CVE-2022-23581
    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` woul ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:228 | 回复:0
  • CVE-2022-23580
    CVE漏洞
    CVE-2022-23580
    Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:238 | 回复:0
  • CVE-2022-23579
    CVE漏洞
    CVE-2022-23579
    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:240 | 回复:0
  • CVE-2022-23578
    CVE漏洞
    CVE-2022-23578
    Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item-kernel ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:243 | 回复:0
  • CVE-2022-23577
    CVE漏洞
    CVE-2022-23577
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0 ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:249 | 回复:0
  • CVE-2022-23576
    CVE漏洞
    CVE-2022-23576
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation w ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:242 | 回复:0
  • CVE-2022-23575
    CVE漏洞
    CVE-2022-23575
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation w ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:235 | 回复:0
  • CVE-2022-23574
    CVE漏洞
    CVE-2022-23574
    Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mut ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:250 | 回复:0
  • CVE-2022-23573
    CVE漏洞
    CVE-2022-23573
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implem ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:247 | 回复:0
  • CVE-2022-23572
    CVE漏洞
    CVE-2022-23572
    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:244 | 回复:0
  • CVE-2022-23571
    CVE漏洞
    CVE-2022-23571
    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlle ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:246 | 回复:0
  • CVE-2022-23570
    CVE漏洞
    CVE-2022-23570
    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are mis ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:263 | 回复:0
  • CVE-2022-23566
    CVE漏洞
    CVE-2022-23566
    Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:263 | 回复:0
  • CVE-2022-23565
    CVE漏洞
    CVE-2022-23565
    Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are d ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:287 | 回复:0
  • CVE-2022-23564
    CVE漏洞
    CVE-2022-23564
    Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:42 | 阅读:274 | 回复:0
  • CVE-2022-23563
    CVE漏洞
    CVE-2022-23563
    Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and librarie ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:285 | 回复:0
  • CVE-2022-23562
    CVE漏洞
    CVE-2022-23562
    Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large alloc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:269 | 回复:0
  • CVE-2022-23561
    CVE漏洞
    CVE-2022-23561
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the l ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:284 | 回复:0
  • CVE-2022-23560
    CVE漏洞
    CVE-2022-23560
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:277 | 回复:0
  • CVE-2022-23559
    CVE漏洞
    CVE-2022-23559
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_siz ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:272 | 回复:0
  • CVE-2022-23558
    CVE漏洞
    CVE-2022-23558
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:286 | 回复:0
  • CVE-2022-23557
    CVE漏洞
    CVE-2022-23557
    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_s ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:294 | 回复:0
  • CVE-2022-23379
    CVE漏洞
    CVE-2022-23379
    Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:341 | 回复:0
  • CVE-2022-22987
    CVE漏洞
    CVE-2022-22987
    The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:293 | 回复:0
  • CVE-2022-22939
    CVE漏洞
    CVE-2022-22939
    VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:296 | 回复:0
  • CVE-2022-22804
    CVE漏洞
    CVE-2022-22804
    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:302 | 回复:0
  • CVE-2022-22727
    CVE漏洞
    CVE-2022-22727
    A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 08:41 | 阅读:314 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap